This checklist is designed to help you assist giving your agency or 3rd party access to your Engaging Networks account safely and securely so they can carry out projects. It outlines some of the key things you may need to consider taking action on when working with your agency.
Adding A 3rd Party Agency To Your Account
When working with an agency you may need to give them access to your Engaging Networks account and you may want to limit visibility to certain pages and / or data.
For security reasons we would suggest that 3rd parties are only set up as Users on your account. You can find step by step instructions on adding a user here.
If your organization’s security policies require two factor authentication to be enabled on Engaging Networks accounts you can choose to add this in the user’s settings when you set them up in your account.
System Permissions
The level of access you give the 3rd party is entirely controlled by you the client. Engaging Networks will not give account access to any third party on behalf of a client, so you will need to set up the appropriate system access permissions yourself to give any 3d party access depending on what type of work they’re carrying out.
You can read more on how to set user permissions and permission groups in this site.
Data Access
3rd party agencies may need to test that data is populating correctly into your database from pages or external integrations.
You can either give temporary data access to your agency using system permissions, or if you wish to shield your supporter database from access by the agency you can create a permission group for the agency and use the ‘data view’ function in your account to restrict access to records that contain only a specified value.
So, for example you could set up an agency permission group and set the Data View setting of the group to only display records where the first name field matches the word ‘agency’.
You can add the agency user to this permission group and they could then test page submissions by filling in the first name field as ‘agency’. They would then only have access to the test records they have created in your database and not the rest of the live supporter records
This also helps you find and delete any test records created by a 3rd party agency to clean up your database after a project has been completed.
API Access
If the 3rd party agency requires access to the REST Application Programming Interface (API) you may need to set them up as an API user in your account. Click here to find out how to create an API User.
In addition you’ll need to grant access to API in the permission group the user is part of.
Tokens
If the 3rd party agency needs access to the Engaging Networks API then they’ll most likely request a public or a private token from you depending on the scope of the project.
Public Token
A public token is a key that developers can use to access limited information from your account through our API. This allows developers to create extended functionality (for example custom display widgets)
Private Token
A private token is a key that gives developers full access to your database records and may be needed for data integration.
Creating & Managing Tokens
Tokens must be created by the client, logged in to Engaging Networks as a Super Admin. Users with User or Admin access do not have access to tokens.
For full details on creating, assigning and the security of tokens please see here.